
An anonymous reader writes "ComputerWeekly reports that the U.K. government 'has, for the first time, mandated a preference for using open source software for future developments.' This comes from the newly released version of the Government Service Design Manual, which has a section about when government agencies should use open source. It says: 'Use open source software in preference to proprietary or closed source alternatives, in particular for operating systems, networking software, web servers, databases and programming languages.' The document also warns against vendor lock-in. This policy shift comes under the direction of government CTO Liam Maxwell, who said, 'In digital public services, open source software is clearly the way forward.' He added, 'We're not dogmatic about this – we'll always use the best tool for the job – but open source has major advantages for the public sector.'"

My guess is that it's mostly political rah-rah but in reality bureaucrats will find requirements so they get the proprietary platform of their choice anyway. Sometimes I've suspected vendor involvement, but in reality it seems to be mostly people on the inside who pick the system they already know and have competence with.

You have to consider that for other countries M$ is a dead loss, tons of money going out with no return. Pushing FOSS means that if an offshoot of a major campaign contributing company sets up in that market you can readily funnel money to them and look really good in the polls when doing so. Basically FOSS is also going to be a double plus win for pollies.

My guess is that it's mostly political rah-rah but in reality bureaucrats will find requirements so they get the proprietary platform of their choice anyway.

The previous position was that open source software was to be selected if it was equal (in other respects) with the proprietary system. There was a document showing examples of this, e.g. choose Apache over IIS, showing that many other government departments already used Apache.

I'm not sure exactly what this changes. Possibly just giving a bit more push for the open source solution, but that's a welcome change.

What would be really good is if the government could recognise that there are probably many, man

You betcha.
The Government Service Design Manual comes from GDS [cabinetoffice.gov.uk], a part of the Cabinet Office.
GDS also created GOV.UK [gov.uk] - the new single domain for the UK government. The GOV.UK stack is almost entirely open-source software, which can be found on Github [github.com] under the Open Government License [nationalarchives.gov.uk].

I like this trend, but I think Open Government License is counterproductive Not-Invented-Hereism. It's basically a BSD-style license, but also contains an exhortation not to break British law.

Well, British law is already an exhortation not to break British law. You don't need an extra one. They should just use Apache 2 if they want a BSD-style license; everyone's IP legal department already knows it.

So if they are serious about this, why does their shitty new jobsearch website require CVs to be uploaded in .doc or docx formats?

To be fair Cameron was pro open-source before he became prime minister, so it may well be something he believes is the right thing, but I don't think he is competent to ensure this policy is effective.

So if they are serious about this, why does their shitty new jobsearch website require CVs to be uploaded in .doc or docx formats?

Because not everything happens at once, especially in government. Nor is the public sector famous for agile development.

Government, by its nature, is bureaucratic. When we're on the receiving end of government services, we often perceive the bureaucracy as ponderous and inefficient. That's because accountability is a big part of the system. I've worked in governm

Yeah, my lot have to manage the transition to Windows 7 for a whole bunch of bespoke applications. We got shot of IE6 and heavens, we were glad, because our stupid timesheet software used ActiveX so we had to ditch that too.

The only thing really holding us back from moving to Linux is MS Office. The NHS had an enterprise-wide license, which a back-of-napkin estimate says must have cost on the order of £100M per year. That got dropped a while ago, I'm guessing because it was a big fat line item in the budget and made a ripe target for people saying "hey, what if we spent some small fraction of that on LibreOffice development?".

But we, like everywhere, I suspect, have a large number of things cobbled together from VBA and spit, not to mention the things people do with Access. Any coherent plan to move to Linux, or even LibreOffice, needs a department dedicated to migrating VBA and Access applications.

It really does depend on the public sector service in question though.

My local council thought it'd be amusing to blow £2million upgrading every computer to Office 2010 from Office 2007 at the same time as cutting useful services and doing nothing about inept services.

Because of course there was some pressing feature that Office 2010 offered that 2007 didn't that the whole entire council's network required at a time when they were supposed to be streamlining and making efficiency gains.

I think it's a response to most of their existing proprietary attempts to do things having been trainwrecks. I guess the reasoning is that at least this way, the trainwrecks will be less expensive on average.

I'd believe it's real. I work for Lloyds (40% owned by government) and we've been steadily replacing Windows with RHEL for some time. Maybe they saw it working for us and decided it was time they could do better.

Yes it's real. If you can get past the partisan political bloggers and established media who don't usually notice anything in IT related tech beyond Apple, Google, MS and Samsung press releases then you can discover that the Conservative party (the larger partner in the coalition administration) has some well informed and rational policies in these areas. We've had several decades of IT school level education being no more than training people to use proprietary software for clerical tasks, while the gov

It turned out that some "independent expert" had to admit being paid by Microsoft. One thing I like about UK officials is that their reaction to finding out they are getting screwed by the powers who pay is not bending over. British humor is renowned, but more impressive is when they are not amused.

anyone on the other side of the pond know if this is a real attempt to push OSS software or if it's just another attempt to get discounted Microsoft software?

I believe your conjecture is very wrong. With the cyberfraud, the keyloggers and all kinds of espionage, the governments will insist on using open source and in doing the final inspections and compiles. The security of the critical infrastructures, such as electrical grid, water, etc. is too important to not know what is in the code that is executing.

Open Source does not necessarily mean free source.

And with the proliferation of software due to Apple, Google (Android) and everyone else, document interc

anyone on the other side of the pond know if this is a real attempt to push OSS software or if it's just another attempt to get discounted Microsoft software?

It's mostly not about Microsoft. It's about trying not to roll everything up into one huge 'too bug to fail' IT project, and having a choice of the same few firms to contract out to. It's having something of value delivered even if the main contractor walks away halfway through the contract. Open source is one facet but it's as much about agile development as it is about FOSS.

Having flicked through it, it's actually quite well written. Government moves slowly though, so be prepared for reversals. Actually, I t

As I know, programmers and Linux admins cost twice to three times as much as their Windows admin counterpart. However, OSS is free.

Can anyone that's an IT director please clarify the gap, skillset, and possible configuring a network so complicated as to solidify job security for said admins? Which costs more and can deliver the most value? On that front, which set of admins is likely to engage in such dishonest practices? Or is it about the same for both sets of admins?

And yes, there are many Windows/Linux admins that can do both with an in-depth skillset and experience, but they command a premium salary as I know.

Things have changed for the better for Windows I am quite sure, but back in the days when I was a UNIX sysadmin for a living you needed 10x as many Windows admins as UNIX admins for the same number of machines / user seats, so a simple salary ratio would be misleading!

It's a factor of 3, these days. The Active Directory admins hate it when they see me coming, because I wind up educating them in the newb errors they've made in DNS, DHCP configurations, and password management. The Exchange managers also hate it when they see me coming because I *warn* them about the spam problems coming down the pike and how they can avoid it, and have consistently reversed that web of spit and duct tape they call a network map and pointed out the single points of failure.

You have to plan your migration to take place over time. You don't throw everything out overnight, you just ensure that any new deployments are platform agnostic (and most apps get refreshed periodically anyway). That usually means apps being web based and standards compliant whenever possible, authentication systems being based on standards etc. After a while you no longer need the old proprietary junk and can easily get rid of it.

And this is already happening, applications are moving towards being brows

By definition, if it's OSS your first customer can give it away for free and nobody need ever pay for it again. Therefore if your customers are paying for it it means one of three things:
1) They're idiots, or locked in to an acquisition model that doesn't account for non-purchased assets.
2) They believe in paying a fair price for a fair product, regardless of the legal necessity and effect on their bottom line. (don't we all wish)
3) You actually provide worthwhile additional value for the price: Support, c

You forgot one thing: it's not possible to get the software for free if it doesn't exist yet ;) A big part of our business is development of new software.

Besides, most of our customers are not technologists, so the idea of going around setting up public source repositories is kind of foreign to them. We're significantly cheaper than the alternatives (mainly SAP), so they're happy to pay.

That said, we do offer additional value: hosting, support, custom development and training.

That's not the definition of open source software. Isn't that 'libre' software? Open source just means that you have the source. Personally, I'd prefer it if they mandated FOSS. Question though... if MS made their products open source, could you maintain it yourself... or would that be something that could be restricted by licence? The way I see it you could do anything you wanted with it within your own business. Anything else would be against copyright laws.

Scripting involves simplifying or automating a process using pre-existing functions in whatever software you're scripting against. Programming involves creating new functions where previously such a module or action did not exist in the first place. In other words: One involves creating limited functionality with the elements given to you. The other is creating whole new elements from the ground up.

At the end of the day, both the Windows and Linux admin may have to contact the vendor if said functionality i

Scripting involves simplifying or automating a process using pre-existing functions in whatever software you're scripting against. Programming involves creating new functions where previously such a module or action did not exist in the first place.

Hum, I take from this that the computers that run your programs don't have an instruction set, and you don't program in a language... As those are pre-existing functions that most people use to automate stuff.

Powershell and Bash scripting is nowhere near the same league as C++ and ASM. Just what in the hell was your point above and beyond the one I made previously. Your response wasn't even worth the electrons it took to publish on Slashdot. Seriously, why did you even bother? Troll much?!

Scripting involves simplifying or automating a process using pre-existing functions in whatever software you're scripting against. Programming involves creating new functions where previously such a module or action did not exist in the first place. In other words: One involves creating limited functionality with the elements given to you. The other is creating whole new elements from the ground up.

Thank you for that summary explanation. I will be appropriating it for explaining why I do not program, but do script.

So a program written in C which uses functions present in libc is actually a script? You're generally not creating anything from the ground up these days, you are using functions provided to you by the OS and its core libraries...

But anyway, his point was that the average linux admin has some programming skill while the average windows admin does not, so the linux admin will generally automate common functions to make his life easier and more productive.

>Can anyone that's an IT director please clarify the gap, skillset, and possible configuring a network so complicated as to solidify job security for said admins? Which costs more and can deliver the most value?

I'm not an IT director but as a Windows sysadmin who uses Linux for preference at home, there's still a huge gap in manageability for Linux. Linux has taken out some very small, specific niches, mostly in the server and mobile device space. But there's simply no Linux equivalent of Active Directory and Group Policy (there's Open Directory, which OSX uses, but there's a whole missing layer of policy control on top of that which isn't there).

Active directory is an absolute nightmare from a security perspective... Most of the supposed security related policies just amount to arbitrary restrictions on workstations which are implemented client side anyway (and thus trivial to bypass), and then you have design flaws like hash passing and storing the plaintext password in memory (google for mimikatz) which combined with typical setup practices make it laughably easy to compromise the average active directory setup from only a single insecure host. If

That might have been true due to the rarity but I expect that is actually Microsoft FUD. Job listings in the UK show that Linux sys admins aren't getting £60k over some Windows guy getting £30k. They're getting £30k too.

People who are competent at their job cost three times as much as people with very little skill or experience...

Many people *claim* to have windows knowledge, but in reality they are terrible and often their "experience" is limited to using msoffice in school and reinstalling windows for friends who got malware infections.

Much fewer people claim to have unix knowledge, largely because the class of people mentioned above aren't even aware that it exists. So most people claiming to have unix knowledge do actu

Sadly, I doubt it will. Healthcare providers are still too stuck on solutions based on Oracle Fusion, BizTalk, or Rhapsody. Getting them to try something new - especially one without a commercial support contract on it - is nigh impossible.

Oh, wait, just noticed that Mirth also has an insanely expensive support contract. I guess all they need to do now is get out there with some fancy stationery, good looking sales girls, and start inviting some execs to sporting events and they'll be right in there!

"We're not dogmatic about this – we'll always use the best tool for the job".
That's one of the most interesting points in the article. More people should think like that. In the end, software is just a tool.

This is both a tautology and beside the point. Sweaters are just clothes, but maybe you would still not buy them from the really cheap manufacturer that employs children. Detergent is just a tool, but maybe you should choose one that won't destroy the environment. Software is just a tool, but maybe you should pick those that won't lock you (and everyone that relies on you) in inside someone's private ecosystem for a long time.

Sweaters are just clothes, but maybe you would still not buy them from the really cheap manufacturer that employs children.

Or you'd buy them from a really expensive manufacturer who still employs children but works very hard to disguise the fact. Their production costs are likely the same or lower than the cheap manufacturer, they just make considerably more profit per sale.

So which is worse?

Software is just a tool, but maybe you should pick those that won't lock you (and everyone that relies on you) in inside someone's private ecosystem for a long time.

And you'd have thought this would be the most basic thing, one of the first rules of running a business is not to get yourself in a position where the actions of any single supplier can exert any form of control over you. You should alwa

- A government has no mandate to entrust the country's data to a corporation nor to allow it to leak. It is therefore simply not permissible to allow that data to be processed by closed source software which by definition cannot be trusted.

The above should be self-evident, but in case it's not, objectors would do well to ponder the acknowledged backdoors in Skype and in a variety of Chinese routers. With open source, this cannot easily happen.

Governments should be forbidden from using non-Free software. Go ahead and get your company into whatever vendor lock-in you want, but public data should never be subjected to it.

No. This is wrong. Governments should be required to use open standards. Thus allowing open and closed source offerings to compete.

Furthermore, if it turns out that a supplier claimed compliance with an open standard but did not deliver this, there should be serious penalties levied against the supplier (and not just a slap on the wrist that the supplier will see as merely "cost of doing business"). The penalties could include requiring the supplier to make their version of the standard open to all.

Another requirement should be that the supplier allows the government to inspect the source code in order to make sure there are no backdoors in the code. With Open Source, this is automatic; for Closed Source solutions, it would be an additional requirement in the contract.

No. This is wrong. Governments should be required to use open standards. Thus allowing open and closed source offerings to compete.

That's not nearly good enough, not by a mile.

Open standards are not sufficient to allow a government's experts to check software for backdoors and data leaks. This puts closed-source software in direct conflict with the needs of national security and sovereignty, even when it uses open standards.

A company has the luxury to risk its data to closed-source software if it wants to

Open standards are not sufficient to allow a government's experts to check software for backdoors and data leaks. This puts closed-source software in direct conflict with the needs of national security and sovereignty, even when it uses open standards.

As a very large customer, a government can ask to see the source code of the software they use for the purpose of a security audit. For commercial software, this would be under some kind of NDA (though it wouldn't be a very strict one; governments don't and shouldn't compete with software companies!) but it would be entirely enough to allow checking for risks. This could well be made a condition of awarding the contract, announced at the time that the process for bidding was started, so it would be just par

Furthermore, if it turns out that a supplier claimed compliance with an open standard but did not deliver this, there should be serious penalties levied against the supplier (and not just a slap on the wrist that the supplier will see as merely "cost of doing business"). The penalties could include requiring the supplier to make their version of the standard open to all.

No, that's insufficient.

Make the penalty forced open-source, under a modified BSD license that includes patent licensing. Because you canno

Open Source and Free Software differ in the philosophy, but not in the licenses. The government should not decide on the philosophy of the developer, because that's none of the government's business and would be contrary to the freedom of opinion (it would not be much different to e.g. a Democratic US president deciding that only software produced by Democrats should be used by the government). Therefore "Open Source" would in this case be the more appropriate term.

I have to disagree. Most of the formats I see developed this way end up horrible messes because they hire a whole bunch of consultants to do the work.

The difficulty with that is that contractors are paid by the hour, so you don't get

* Re-use of other standards where appropriate

I've seen people reinvent the wheel so many times it's not true. This is true from simple little things like time values in XML (xsd:time sensibly uses ISO8601, this lot made up their own format, with ensuing hilarity when implementers think that their standard XML tool kit date / time types will produce valid documents), diagram formats (they just copied another standard verbatim into their documents rather than saying - "Hey, let's use this standard and say so"), and document formats (they didn't like the ability of XHTML to have script tags in it, so they copied THAT as well).

* Simplicity

Simple designs that work don't generate billable hours. Complex monsters that require hours of argument over the finer points of what they actually mean, do.

* Implementations

Implementations are essential for the development of standards. If you don't implement them, you don't get any kind of feel for the actual needs of the problem domain and how well your design is solving them. Alas, standards developed by publicly funded committee in my experience don't bother with this, and typically don't include any actual software engineers to tell them what problems they might be causing for implementers down the line.

Things like pretending an identifier is an integer when all the handling means you have to treat it like a string (it consists of four separate fields, one of them optional, but as a stream of digits and not bytes). Or taking a set of metadata that you have to understand to read the data, and... embedding that data inside the data itself. Or creating an abstract data type with a contract and then insisting that people store it without thinking about its concrete requirements.

Formats thought up by corporations at least have the benefit of their creators not wanting to spend as much time as possible debating the finer points of the thing. They want something that works, but as evidenced by MOO-XML, practicality often means they end up with a real mess as well - but at least it's a real mess, and not just a theoretical mess.

I think "Open" is more important than "Standard". "Standard" gives the appearance of authority, but "Open" means you have a chance of things being useful.

MOO-XML is a horrifying mess. Not even MS Office implements it. It's a "standard", having been ratified by ISO, but nothing about its development was "open".

FreeMind is a small Java mind-map program. FreeMind format isn't a "standard", but it is "open". And it is useful - useful enough that most of the other mind-map programs will import it. You can open the files up in a text editor, or feed them through XSLT, or consume them with a program and do interesting things with them. And if you want a feature implemented in it, you can patch the sources, and even feed the patch back upstream.

I think collaboration on trying to solve a problem benefits from some actual problem solving, rather than just talking about what the problem might be and how it might be solved if so.

Simple designs that work don't generate billable hours. Complex monsters that require hours of argument over the finer points of what they actually mean, do.

So don't hire by the hour, hire an organisation to design something for a fixed set of requirements for a fixed price. If they make it overly complex and waste their time then that's their problem. If they make it simply and save time then they make more from the deal, obviously the requirements need to be strict enough to prevent them producing something lacklustre.

Many of those certifications were pushed through by proprietary vendors looking to create themselves a cartel. Also most of the certifications are pretty worthless to anyone who understands what they mean. When a product gets certified it's done in a specific configuration, and any change to configuration means that it's not certified anymore. Usually the certified configuration is not terribly useful, and actual use cases never match the certified config.

How much of it can claim that no part of the software was written by non-US citizens?

That would seem irrelevant for the UK.

There's a document somewhere on the gov.uk website showing examples of where open source software has been used. It's been encouraged for a while, I think this latest change is just a little more emphasis.

I work at a place that has a similar policy. Doesn't stop us from using way too many proprietary solutions that are actually worse than the Open Source solution. A lot of that is down to OS religion and people not actually understanding what Open Source is. We have managers (and directors) that believe the software needs to be a shrink wrapped solution from a proprietary vendor like Microsoft to be a decent solution and to be able to get 'Enterprise' level support. Many don't realise that just because you ca

A good analogy is if the UK government mandated that fleet vehicles have their design and manufacturing processes laid bare, or they wouldn't buy the vehicles. I really don't care about the processes documentation - buy the best car at the best price.

If the government did this, it would be in trouble as soon as the vehicle needs maintenance. Or if you wanted to modify the vehicle later. If you MUST go back to the vendor for this, you have just accepted the fate of a

You are clearly not basing this on what is the best tool (even if the open source happens to be the best tool).

You're contradicting yourself.

Openness has clear and undoubted benefits for the public sector, and so not surprisingly this customer made openness a default requirement. He's not mandating against proprietary software, but if a software company can't give him the desired openness then it's not fulfilling his requirement. Given his requirement, open source tools are the best tools by default, but not the only ones.

The customer decides the requirements, not the provider. Live with it.

You just mandated open source. You are clearly not basing this on what is the best tool (even if the open source happens to be the best tool). I am a fan of open source, but we shouldn't be mandating EITHER way. The best tool is the best tool, the type of source code is irrelevant.

As I understand it, it means "if two products are equally suitable for the given purpose, but one is open source and the other isn't, then choose the open source one." Not too different to the rules for employing women or people w

I am a fan of open source, but we shouldn't be mandating EITHER way...... A good analogy is if the UK government mandated that fleet vehicles have their design and manufacturing processes laid bare, or they wouldn't buy the vehicles. I really don't care about the processes documentation - buy the best car at the best price.

Wrong car analogy. Unlike software, it is easy to replace one type of car with another if the first is unsatisfactory.

Nevertheless, I once worked in ship design for the Royal Navy and every detail of the design WAS required. We needed (among other things) to be damn sure that the ships were maintainable by any dockyard - not just the one that built it for example.

Why would the government get specific and suggest that 'operating systems, networking software, web servers, databases and programming languages' be open sourced in particular? How does it matter whether the databases or programming languages be 'open' (and what do those mean, anyway?) Yeah, it helps for the OS to be open sourced, so that someone like HP can't pull an Itanium over you, making you dump perfectly good Alphaservers. It helps for networking to be standard, say IPv6, so that people working w/

Document formats. If you change suppliers later can you use all the files you created or are they locked in to your current supplier? Also are you dictating that those you send documents use the same software to read it that you used to create it thereby as government giving a de facto monopoly to your supplier?

From what I understand, most document formats can be converted into other formats, and once that's possible, there isn't a real lock-in to the supplier. MS in particular - both Libre Office and Calligra can read Word format documents, and once documents are saved in their native formats, they are good to go. But it would be more important that open source software be used, so that they can be ported to any future platform, and that government IT personnel can go for the most cost effective hardware withou